Scalpy [bot]
Branch the below projects with cstruct patches and dependency on >=4.0.dev
ReFS is currently not supported and therefore gives us a hard time investigating systems we encounter with it. More information can be found on [https://docs.microsoft.com/en-us/windows-server/storage/refs/refs-overview](https://docs.microsoft.com/en-us/windows-server/storage/refs/refs-overview).
In utils.py, there are two instances where `--output_file` is used instead of `--output-file`; this needs to be changed for consistency: [https://github.com/fox-it/acquire/blob/8a3a0b5eaf3d6e251aa52b5cad7e0b49a22cf7cd/acquire/utils.py#L302](https://github.com/fox-it/acquire/blob/8a3a0b5eaf3d6e251aa52b5cad7e0b49a22cf7cd/acquire/utils.py#L302)
Acquire can give confusing output that does not make it obvious whether it exited cleanly or not. Even after a summary it sometimes still provides confusing output. This makes it...
Currently it’s only used when the target is ESXi, not necessarily the host system. This can give issues when trying to acquire an offline VM from an ESXi shell directly,...
The UEFI partition is FAT based, and dissect.fat _should_ just work. Might need some investigation into the differences between Windows and Linux based systems.
The following files would be beneficial when collecting data with Acquire.

```
C:\$LogFile
C:\$Extend\$UsnJrnl:$Max
C:\$Extend\$RmMetadata\$TxfLog\$Tops:$T
C:\$Extend\$RmMetadata\$TxfLog\$T
```
Instead of a Python function for everything
We recently had a case where relevant logs (and other traces) were stored in Docker volumes. It would be nice to have a way (a `docker` plugin?) to acquire the...
During a CERT case it was observed that the actors were using the Atera Management Agent. This agent seems to use the Splashtop Remote Access Tool underneath. We'll need to...